SHA256: f3b602b1219414ab7abb4995bc19646ce03e72e79297d138c3c3de6df1375513
File name: zz.exe
Detection ratio: 34 / 46
Analysis date: 2013-03-08 00:42:13 UTC ( 1 year, 1 month ago )
Antivirus Result Update
AVG Downloader.Generic13.AHJL 20130307
Agnitum Trojan.IRCBot!ip3koNB1zQQ 20130307
AhnLab-V3 Win32/IRCBot.worm.Gen 20130307
AntiVir TR/Downloader.Gen 20130308
Avast Win32:Malware-gen 20130308
BitDefender Generic.Malware.SI!Fdld.8B05CAD0 20130308
Commtouch W32/IRCBot-based!Maximus 20130307
Comodo UnclassifiedMalware 20130307
DrWeb DLOADER.IRC.Trojan 20130308
ESET-NOD32 Win32/IRCBot.NHV 20130308
Emsisoft Generic.Malware.SI!Fdld.8B05CAD0 (B) 20130308
F-Prot W32/IRCBot-based!Maximus 20130307
F-Secure Generic.Malware.SI!Fdld.8B05CAD0 20130307
Fortinet W32/IRCBot.NHV 20130307
GData Generic.Malware.SI!Fdld.8B05CAD0 20130308
Ikarus Win32.SuspectCrc 20130307
K7AntiVirus Trojan 20130307
Kaspersky Trojan.Win32.Genome.alwzo 20130307
Kingsoft Win32.Troj.Generic.a.(kcloud) 20130304
McAfee RDN/Generic Downloader.x!bx 20130308
McAfee-GW-Edition RDN/Generic Downloader.x!bx 20130308
MicroWorld-eScan Generic.Malware.SI!Fdld.8B05CAD0 20130308
Microsoft Trojan:Win32/Ircbrute 20130307
NANO-Antivirus Trojan.Win32.IRCBotbased.bhqrif 20130307
Norman Troj_Generic.IAMFH 20130307
PCTools Net-Worm.Spybot.C!rem 20130308
Panda Trj/OCJ.D 20130307
Rising Suspicious 20130307
Sophos Troj/Bckdr-RPG 20130308
Symantec W32.Spybot.Worm 20130308
TrendMicro BKDR_IRCBOT.MEO 20130308
TrendMicro-HouseCall BKDR_IRCBOT.MEO 20130308
VIPRE Trojan.Win32.Ircbrute 20130308
nProtect Trojan-Downloader/W32.Small.43008.BF 20130307
Antiy-AVL 20130307
ByteHero 20130304
CAT-QuickHeal 20130307
ClamAV 20130308
Jiangmin 20130307
Malwarebytes 20130308
SUPERAntiSpyware 20130308
TheHacker 20130307
TotalDefense 20130307
VBA32 20130307
ViRobot 20130307
eSafe 20130307
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-04 20:40:30
Link date 9:40 PM 3/4/2013
Entry Point 0x00001110
Number of sections 5
PE sections
PE imports
RegSetValueExA
RegCloseKey
RegCreateKeyExA
EnterCriticalSection
TerminateThread
ExitProcess
VirtualProtect
GetModuleFileNameA
DeleteCriticalSection
GetAtomNameA
AddAtomA
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
IsDBCSLeadByteEx
CreateThread
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
CreateProcessA
InitializeCriticalSection
VirtualQuery
FindAtomA
Sleep
CreateFileA
LeaveCriticalSection
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
setsockopt
socket
closesocket
ntohl
inet_addr
send
WSAStartup
gethostbyname
connect
sendto
inet_ntoa
htons
recv
__p__fmode
malloc
toupper
__p__environ
__lc_codepage
atexit
abort
_setmode
_assert
printf
_pclose
_getpid
strlen
strncpy
_cexit
fputc
strncat
puts
_errno
_tzset
_onexit
wcslen
exit
sprintf
strrchr
rand
strchr
srand
_timezone
fgets
time
free
getenv
atoi
__getmainargs
memcpy
_popen
memmove
localeconv
strtok
strcmp
strcpy
__mb_cur_max
__set_app_type
_daylight
signal
_iob
URLDownloadToFileA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:03:04 21:40:30+01:00
FileType Win32 EXE
PEType PE32
CodeSize 33280
LinkerVersion 2.56
FileAccessDate 2014:03:25 13:54:41+01:00
EntryPoint 0x1110
InitializedDataSize 41984
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
FileCreateDate 2014:03:25 13:54:41+01:00
UninitializedDataSize 3072

File identification
MD5 fcfb7d6fbdc9f49150d748760565c0fa
SHA1 2583aa7ff8050cbad624958acfc9cae3408d1e53
SHA256 f3b602b1219414ab7abb4995bc19646ce03e72e79297d138c3c3de6df1375513
ssdeep 768:147CiixLDOTbMEn1/CS21eScmaiukhfNWGgglT2KX+LEQ:VuhdW1eSFaiukhsGZN2++Z
imphash 2133bc5506b87c49f493451d54cbdcfd
File size 42.0 KB ( 43008 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.6%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
Win16/32 Executable Delphi generic (4.6%)
Generic Win/DOS Executable (4.4%)
Tags peexe

VirusTotal metadata
First submission 2013-03-05 05:04:24 UTC ( 1 year, 1 month ago )
Last submission 2014-03-25 12:54:57 UTC ( 4 weeks ago )
File names zz.exe
zzz.exe
75BC8CEF.VBN.00003688.5A.out
zzz.exe
file-5223914_exe
zzz.exe.bak
malware
zzz_.txt
fcfb7d6fbdc9f49150d748760565c0fa
zz.exe
zzz.exe